Network passwords will soon be a thing of the past
By Staff Sgt. C. Todd Lopez, Air Force Print News
/ Published April 25, 2006
WASHINGTON (AFPN) -- Airmen have been carrying around some pretty high-tech identification cards in their wallets for quite a while now. That technology will soon be put to good use.
For many, the Common Access Card, or "CAC," is just a replacement for the green military ID card used for so many years. But the card can be used for more than getting Airmen past gate security. The cards carry digital "certificates" that allow a user to more securely identify themselves to a computer network.
It is that secure networking capability the Air Force expects to begin taking advantage of, said Lt. Gen. Michael W. Peterson, the Air Force chief of warfighting integration and chief information officer.
"So much of our warfighting capability is inherent to our networks, and our ability to go to war relies on our networks," the general said. "We have absolutely got to lock the networks down. Passwords and usernames are no longer sufficient against the sophisticated hackers that are out there. It is time to move on to the common access card, and use the embedded technology on their microchips."
By July, the Air Force expects that nearly 80 percent of Airmen and Air Force civilians will use their CAC to log in to their NIPRNet, or "Non-secure Internet Protocol Router Network," accounts at work.
Once fully implemented, users can forget their network account names and passwords. Instead, they will log in to work computers by sliding their CAC into readers and entering a personal identification number. The need to have a physical product, a card, to get into the network, provides a level of security beyond the traditional password and login name combination, General Peterson said.
"It is something you have in your hand and something you know, instead of two things you know," General Peterson said.
Because the CAC also serves as a military ID and is used to gain physical access to Air Force installations and resources, Airmen know how important it is to protect it. General Peterson said he believes the emphasis Airmen put on protecting their CAC from loss will translate to protecting the Air Force network when they begin using it to log in there.
The common access card is not unique to the Department of Defense. Similar cards are used throughout the civilian world and government agencies, both in the United States and other countries. The technology is similar to the "Security Identity Module" or SIM chips used in cellular phones. The microchips on CACs hold about 65,000 characters of information, equivalent to about two and a half copies of the United States Constitution.
The unique digital certificates stored on the CAC are of critical importance. Those certificates are used to confirm the identity of cardholders to Air Force computer networks. The same certificates also allow Airmen to digitally sign and encrypt e-mail messages.
In addition to certificates, the cards also store a member's full name, e-mail address, date of birth, gender, blood type, organ donor status, military exchange and commissary status, and meal plan status. While a fingerprint was taken at the time the cards were issued, that data is not actually stored on the card, but rather in an online database. All the information is protected by a personal identification number.
While not all computer systems in the Air Force will require Airmen to use a CAC for login, most eventually will. The change, said General Peterson, is part of the future of network security, and is important to protecting the Air Force's vast warfighting network.
"This is about identity management and rights management on the network and making sure that warfighting system is available when we need it," General Peterson said. "This is a quantum step in securing our networks. But I believe 24 months from now we will all simply look at this as the way we do business."
General Peterson said that the Air Force is aware that not all users of Air Force computer networks possess a CAC, especially in overseas locations. He also said that some computer systems, such as those aboard Air Force aircraft, do not possess the ability to utilize a CAC. The Air Force information technology community is working on solutions to those challenges.